Specifications

Chapter 4 Open Directory Planning 45
If you want all computers to have access to certain administrative data, you store the
data in a shared directory domain that is in all computers’ search policies. To make
some data accessible only to a subset of computers, you store it in a shared directory
domain that is only in the search policies of those computers.
Simplifying Changes to Data in Directories
If you need more than one shared directory domain, you should organize your search
policies to minimize the number of places data has to change over time. You should
also devise a plan that addresses how you want to manage such ongoing events as:
New users joining and leaving your organization
File servers being added, enhanced, or replaced
Printers being moved among locations
You’ll want to try to make each directory domain applicable to all the computers that
use it so you don’t have to change or add information in multiple domains. In the
foregoing illustration of multilevel shared domains, adding a new student to a class’s
shared domain enables the student to log in to any of the class’s computers. As
instructors are hired or retire, the administrator can make adjustments to user
information simply by editing the school’s shared domain.
If you have a widespread or complex hierarchy of directory domains in a network that
is managed by several administrators, you need to devise strategies to minimize
conflicts. For example, you can predefine ranges of user IDs (UIDs) to avoid inadvertent
file access. (For more information, see the chapter on setting up accounts in the user
management guide.)
Estimating Directory and Authentication Requirements
In addition to considering how you want to distribute directory data among multiple
domains, you must also consider the capacity of each directory domain. A number of
factors affect how large a directory domain can be. One factor is the performance of
the database that stores the directory information. The LDAP directory domain of
Mac OS X Server version 10.3 and later uses the Berkeley DB database, which will
remain efficient with 100,000 records. Of course, a server hosting a directory domain of
that size would need sufficient hard disk space to store all the records.
The number of connections that a directory service can handle is harder to measure
because directory service connections occur in the context of the connections of all the
services that the server provides. With Mac OS X Server version 10.3, a server dedicated
to Open Directory has a limit of 250 simultaneous client computer connections.